In recent years, malicious software developers have attempted to proliferate malware by generating thousands or potentially millions of variations of malicious files. Because many existing anti-virus technologies detect malicious files by identifying a unique digital signature or fingerprint for each variation of a malicious file (a technique known as blacklisting), conventional anti-virus technologies have struggled to protect computing resources from such malware due to their inability to quickly and correctly identify the digital signatures for each of the potentially millions of variations of malicious files.
Due to these limitations, some security-software vendors have turned to whitelisting technologies. In a whitelisting system, computing systems may only access or execute applications or files on a preapproved whitelist. Security-software vendors may create whitelists either manually or automatically, such as through the use of web-spidering techniques. However, given the high number of new files and applications created and published on a daily basis, many security-software vendors have struggled with manually creating comprehensive whitelists. Moreover, many automatic techniques for creating whitelists only identify a portion of known legitimate files. Conventional automatic techniques are also prone to falsely identifying illegitimate files as legitimate, and vice versa, further limiting the viability of a whitelist generated using such a technique.
In light of these deficiencies, at least one security-software vendor has begun investigating reputation-based security schemes. In a reputation-based security system, a security-software vendor may attempt to determine the trustworthiness of a file by collecting, aggregating, and analyzing data from potentially millions of user devices within a community, such as the security-software vendor's user base. For example, by determining a file's origin, age, and prevalence within the community (such as whether the file is predominantly found on at-risk or “unhealthy” machines within the community), among other details, a security-software vendor may gain a fairly accurate understanding as to the trustworthiness of the file.